frnmst
/
blog
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity Software
Browse Source

Added content.

dev
Franco Masotti 2 years ago
parent
4da3af49b5
commit
f0d23e645c
Signed by: frnmst
GPG Key ID: 24116ED85666780A
1 changed files with 82 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 87
      _posts/2020-10-07-fail2ban.md

87
_posts/2020-10-07-fail2ban.md
Unescape View File

@ -1,7 +1,7 @@
---
title: Fail2ban
tags: [fail2ban, systemd, gitea, gotify, roundcube, filter, ban]
updated: 2020-10-07 12:24
updated: 2020-10-07 15:26
description: Customization of Fail2ban filter, rules and settings
---
@ -11,17 +11,20 @@ description: Customization of Fail2ban filter, rules and settings
- [Table of contents](#table-of-contents)
- [Introduction](#introduction)
- [Global options](#global-options)
- [Settings](#settings)
- [Logrotate](#logrotate)
- [Fail2ban](#fail2ban)
- [Systemd service](#systemd-service)
- [Jenkins](#jenkins)
- [Filters](#filters)
- [Gitea](#gitea)
- [Gotify](#gotify)
- [Roundcube](#roundcube)
- [Jenkins](#jenkins-1)
- [Jails](#jails)
- [Gitea](#gitea-1)
- [Gotify](#gotify-1)
- [Roundcube](#roundcube-1)
- [Jenkins](#jenkins-2)
<!--TOC-->
@ -29,10 +32,37 @@ description: Customization of Fail2ban filter, rules and settings
This is a list of custom filters, rules and settings I use for Fail2ban.
## Global options
## Settings
### Logrotate
Install [logrotate](https://github.com/logrotate/logrotate) then run
```
# systemctl start logrotate.timer
# systemctl enable logrotate.timer
```
Add a new file:
- `/etc/logrotate.d/jenkins`
```
/var/log/jenkins/*.log {
weekly
copytruncate
missingok
rotate 10
compress
delaycompress
notifempty
}
```
### Fail2ban
#### Global options
- `/etc/fail2ban/jail.local`
```
@ -47,7 +77,15 @@ This is a list of custom filters, rules and settings I use for Fail2ban.
action = %(action_mwl)s
```
### Systemd service
- `/etc/fail2ban/action.d/abuseipdb.conf`
```
actionban =
```
Replace the default action with an empty one
#### Systemd service
Follow the instructions reported [here](https://wiki.archlinux.org/index.php/Fail2ban#Service_hardening)
@ -90,6 +128,22 @@ Follow the instructions reported [here](https://wiki.archlinux.org/index.php/Fai
logtarget = /var/log/fail2ban/fail2ban.log
```
### Jenkins
- `/etc/conf.d/jenkins`
```
# Enable access log.
JENKINS_ACCESSLOG="--accessLoggerClassName=winstone.accesslog.SimpleAccessLogger --simpleAccessLogger.format=combined --simpleAccessLogger.file=/var/log/jenkins/access.log"
# Keep the rest.
# Add JENKINS_ACCESSLOG to the command line arguments.
JENKINS_COMMAND_LINE="$JAVA $JAVA_ARGS $JAVA_OPTS -jar $JENKINS_WAR $JENKINS_WEBROOT $JENKINS_PORT $JENKINS_AJPPORT $JENKINS_OPTS $JENKINS_ACCESSLOG"
```
See also [https://wiki.jenkins.io/display/JENKINS/Access+Logging](https://wiki.jenkins.io/display/JENKINS/Access+Logging)
## Filters
### Gitea
@ -115,6 +169,17 @@ Follow the instructions reported [here](https://wiki.archlinux.org/index.php/Fai
See [https://raw.githubusercontent.com/fail2ban/fail2ban/bb0f732ae69894b22306dd7efa213513e3acd8a2/config/filter.d/roundcube-auth.conf](https://raw.githubusercontent.com/fail2ban/fail2ban/bb0f732ae69894b22306dd7efa213513e3acd8a2/config/filter.d/roundcube-auth.conf)
### Jenkins
- `/etc/fail2ban/filter.d/jenkins.conf`
```
[Definition]
failregex = <HOST>.*?GET /loginError HTTP/1.1" 401.*?
ignoreregex =
datepattern = %%d/%%b/%%Y:%%H:%%M:%%S
```
## Jails
### Gitea
@ -154,3 +219,15 @@ Follow the instructions reported [here](https://wiki.archlinux.org/index.php/Fai
filter = roundcube-auth
logpath = /var/log/roundcubemail/errors.log
```
### Jenkins
- `/etc/fail2ban/jail.local`
```
[jenkins]
enabled = true
port = http,https
filter = jenkins
logpath = /var/log/jenkins/access.log
```

Write Preview
Loading…
Cancel
Save